The FTP protocol has a true BSD heritage and originated in the 1970's at Berkeley University. FTP (File Transfer Protocol) is widely used to copy files from one host to another. FTP is based on the client-server model, so if a user needs to make changes to a file he/she must first download it from the server. Depending on how the files are to be shared, the FTP server can be configured to provide anonymous access or access chrooted to the user's home directory. An anonymous ftp server is configured to give the world access to a repository of shared files; a chrooted ftp server, on the other hand, is configured to let each person access his/her own dedicated space.


The other challenge is whether to run the server in active mode or passive mode.


**Active Mode** - In active mode FTP the client connects from a random unprivileged port (N > 1023) to the FTP server's command port, port 21. The client then starts listening on port N+1 and sends the FTP command `PORT N+1` to the FTP server. The server then connects back to the client's specified data port from its local data port, which is port 20. The main problem with active mode FTP falls on the client side: the FTP client doesn't make the actual connection to the data port of the server; it simply tells the server which port it is listening on, and the server connects back to that port on the client. To the client-side firewall this looks like an outside system initiating a connection to an internal client, something that is usually blocked.


**Passive Mode** - To resolve the issue of the server initiating the connection to the client, a different method for FTP connections was developed. This is known as passive mode, or `PASV`, after the command the client uses to tell the server it is in passive mode. In passive mode FTP the client initiates both connections to the server, solving the problem of firewalls filtering the incoming data-port connection from the server to the client. Although the client still opens both of its ports (N and N+1), the server opens a random unprivileged port (P > 1023) and sends the port number P back to the client. The client then initiates the connection from port N+1 to port P on the server for the data transfer. The biggest issue is the need to allow any remote connection to high-numbered ports on the server.


## Setting Up FTP Services


### Adding the FTP user account


First you need an ftp account on your system. This account should not have a usable password. We will set the login directory to */home/ftp*, but that is entirely your choice. When using anonymous ftp, the ftp daemon will chroot itself to the */home/ftp* directory. We also need to add the shell that will be given to the ftp user to */etc/shells*. The account can be added with adduser(8) or pw(8).


    # echo /usr/bin/false >> /etc/shells


    # adduser
    Username : ftp
    Full name []: anonymous ftp
    Uid (Leave empty for default): <Enter>
    Login group ftp [ftp]: <Enter>
    Login group is "ftp". Invite ftp into other groups? []: <Enter>
    Login class [default]: <Enter>
    Shell (sh csh tcsh false nologin) [sh]: false
    Home directory [home/ftp]: <Enter>
    Lock out the account after creation? [n]: no

    Username   : ftp
    Password   :
    Full Name  : anonymous ftp
    Uid        : 1002
    Class      : default
    Groups     : ftp
    Home       : /home/ftp
    Shell      : /usr/bin/false
    Locked     : no
    OK? (yes/no) : yes
    adduser: INFO: Successfully added (ftp) to the user database.
    Add another user? (yes/no): no
    Goodbye!


Note: For a chrooted-user ftp server you need to set a password, change the full name, and create a separate home directory for each user.

Along with the user, this created the directory /home/ftp. We now need to change the permissions to make it suitable for the anonymous user (the exact layout is the administrator's choice).


*/home/ftp* - This is the main directory. It should be owned by root and have mode 555.


*/home/ftp/etc* - This is entirely optional and not recommended, as it only serves to give out information about the users which exist on your box. If you want your anonymous ftp directory to appear to have real users attached to your files, copy */etc/pwd.db* and */etc/group* to this directory. The directory should be mode 511 and the two files mode 444. They are used to show owner names instead of numeric ids. There are no passwords stored in pwd.db; they are all in spwd.db, so don't copy that over.


*/home/ftp/pub* - This is the standard directory in which to place the files you wish to share. It should also be mode 555.


    # cd /home/ftp
    # mkdir pub
    # mkdir etc
    # chown root:wheel /home/ftp
    # chmod 555 /home/ftp
    # chmod 555 pub
    # chmod 511 etc
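
As an added example (not part of the original page), the Python below builds the anonymous ftp tree described above with the prescribed modes and then audits it for the mistakes the text warns about: a directory with the wrong mode or world-writable, and a password database (spwd.db, or the master.passwd it is generated from) copied into the chroot. The `demo()` function works in a temporary directory rather than */home/ftp*.

```python
import os
import shutil
import stat
import tempfile

# Modes the text above prescribes: "" is the top-level directory itself.
EXPECTED_MODES = {"": 0o555, "pub": 0o555, "etc": 0o511}
# Files holding password hashes that must never be copied into the chroot.
FORBIDDEN = {"spwd.db", "master.passwd"}

def build_ftp_tree(root):
    """Create root, root/pub and root/etc with the prescribed modes."""
    for rel in ("pub", "etc"):
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    # Set the top-level mode last: once it is 555 nothing can be created in it.
    for rel in ("pub", "etc", ""):
        os.chmod(os.path.join(root, rel), EXPECTED_MODES[rel])

def audit_ftp_tree(root):
    """Return a list of findings; an empty list means the tree is as described."""
    findings = []
    for rel, want in EXPECTED_MODES.items():
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            findings.append("missing directory: " + path)
            continue
        have = stat.S_IMODE(os.stat(path).st_mode)
        if have != want:
            findings.append("%s is %o, expected %o" % (path, have, want))
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if stat.S_IMODE(os.lstat(full).st_mode) & stat.S_IWOTH:
                findings.append("world-writable: " + full)
            if name in FORBIDDEN:
                findings.append("password database inside chroot: " + full)
    return findings

def demo():
    """Build a tree in a temporary directory, audit it, then loosen pub to 777
    and audit again.  Returns both finding lists (clean, loosened)."""
    root = tempfile.mkdtemp()
    build_ftp_tree(root)
    clean = audit_ftp_tree(root)
    os.chmod(root, 0o755)          # needed so we can modify and delete the tree
    os.chmod(os.path.join(root, "pub"), 0o777)
    loosened = audit_ftp_tree(root)
    shutil.rmtree(root)
    return clean, loosened
```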


### Configuring The Server


- */etc/ftpwelcome* – Welcome message shown to people connecting to the ftp server before login.
- */etc/motd* – Contains a message displayed to the client after login.
- */etc/ftpchroot* – Lists the users who are chrooted to their home directories when they log in.

If you wish to start inetd (the internet super server) at system boot, add the following line to */etc/rc.conf*, and make sure the `ftp` line in */etc/inetd.conf* is uncommented:


    inetd_enable="YES"


To start it immediately:


    # /etc/rc.d/inetd start


#### Starting standalone

To run ftpd standalone instead of from inetd, open */etc/rc.conf* and add the entries below (replace *-options* with the ftpd(8) flags you want; do not enable ftpd in inetd as well, or both would try to bind port 21):


    ftpd_enable="YES"
    ftpd_flags="-options"


### Packet Filtering Setting


For FTP in passive mode, a packet filter configuration can look like the following pf.conf(5) fragment. em0 is the interface used for the traffic flow (on my guest OS); port 21 is open, plus two ranges of ports for the data connections, and some people would rightly be unhappy about the number of ports this opens to an attacker. You can use netstat(1) for more detailed information about routing, packet flow, the address family in use, etc., and to identify the interface:


    # netstat -rn

    internet="em0"
    tcp_services="{ 21, 1023:1060, 50000:65535 }"
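
As an added example (not from the original page), the Python below decodes the h1,h2,h3,h4,p1,p2 host/port tuple that carries the data port in both the client's `PORT` command (active mode, described above) and the server's `227` reply to `PASV` (passive mode), and checks whether the negotiated data port falls inside the port list of the pf macro above. The sample messages and addresses are constructed, not captured from a real session.

```python
import re

# Constructed sample messages (not captured from a real session):
PORT_CMD = "PORT 192,168,1,20,4,1"                            # active mode, client -> server
PASV_REPLY = "227 Entering Passive Mode (203,0,113,5,195,80)"  # passive mode, server -> client

# The pf macro from the section above: port 21 plus the two data-port ranges.
PF_MACRO = 'tcp_services="{ 21, 1023:1060, 50000:65535 }"'

_HP = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by both PORT and the 227
    reply to PASV.  Returns (ip, port) with port = p1*256 + p2."""
    m = _HP.search(text)
    if not m:
        raise ValueError("no host/port tuple in %r" % text)
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in %r" % text)
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return ip, port

def encode_hostport(ip, port):
    """Inverse: build the tuple a client puts in PORT or a server in 227."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return "%s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)

def parse_pf_ports(macro):
    """Turn a pf list macro like { 21, 1023:1060, 50000:65535 } into (lo, hi) pairs."""
    inner = macro[macro.index("{") + 1:macro.index("}")]
    ranges = []
    for item in re.split(r"[,\s]+", inner.strip()):
        if not item:
            continue
        lo, _, hi = item.partition(":")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def port_allowed(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def check_passive_reply(reply, macro):
    """Would the data connection negotiated by this 227 reply pass the filter?"""
    _, port = decode_hostport(reply)
    return port_allowed(port, parse_pf_ports(macro))
```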


### Client Side of FTP


There are numerous ftp clients available. Nowadays any browser can be used as an ftp client, and Nautilus and Konqueror can also be used for more complex ftp transfers.


### Done


Congratulations! You now have a working FTP server. You can go on to share files and make your FTP server more secure.